Hi,


The problem with what you are describing is the maths. Essentially, an ennumerator program (which can be quite easily written using C++ for example using a data structure to hold 24 x 255 sets of characters and use a recursive function to odometerize the selection) has to deal with every permutation of ASCII up to 24 slots which is mathematically equal to 255^24 i.e there are 255(1) x 255(2) x 255(3)...x255(24) choices. And this is before you move into unicode.


You then have to hash the results according to whatever method is being used to encrypt to produce your rainbow tables and then sort these for fast searching. Obviously there are different rainbow tables for MD5 etc. Finally, as someone else pointed out, you have to store the results.


As you can imagine, you need fairly powerful and/or multi-distributed computing power to undertake this kind of task. Which is why the rainbow project has taken a number of years to complete.


And the project runs into mud at this point because as fast as you can hash, new hashing techniques can be created and applied. eg. MD6 is coming out soon, if it hasn't already.


Of course there is a limit to how much computing power exists, both economically and in terms of the laws of physics. Moore's law determines that computing power grows exponentially each decade but thereby also sets a limit on the growth of computing power in any one decade. Boltzmann's limit determines that as the amount of power required to compute approaches the energy output of the sun, computing ability will rapidly tail off. Somewhere between these two is a theoric maximum of computing power. Materials science also affects the outcome. There is only so much silicon out there so new materials will be required soon (already happening).


As this point is approached, efficiency rather than brute force effectiveness will be required. This already happens of course because economic limits are approached sooner in each decade than physical ones. For example, elliptic curve and knapsack cryptography is more efficent than using RSA based methods, although public/private key systems are still less efficient than symmetrical key cryptography whatever method is used. What smart aleck said quantum just there now under their breath?


So you are welcome to writing such a program but see you next decade if you are planning on running it with any degree of seriousness.

The low hanging fruit of password cracking is social engineering. It is always faster and easier to breach protocol than technology.

Yurt Ennez